BookStack Code Mirror - bookstack/blob - tests/Api/UsersApiTest.php
Added users-delete API endpoint
<?php

namespace Tests\Api;

use BookStack\Auth\Role;
use BookStack\Auth\User;
use Tests\TestCase;

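/**
 * API tests for the user-management endpoints under /api/users.
 *
 * Every implemented test here authenticates through actingAsApiAdmin(), so the
 * class currently exercises the privileged path only. The two tests meant to
 * cover the access-control boundary (permission requirement, demo mode) are
 * not implemented yet and are reported as incomplete rather than as passes.
 */
class UsersApiTest extends TestCase
{
    use TestsApi;

    protected $baseEndpoint = '/api/users';

    /**
     * Intended to verify that each users endpoint rejects a caller lacking the
     * users-manage permission. Not implemented yet.
     */
    public function test_users_manage_permission_needed_for_all_endpoints()
    {
        // An empty test body is reported as a pass (or at most "risky"), which would
        // hide that authorization on these endpoints, including delete, is unverified.
        $this->markTestIncomplete('TODO: assert every users API endpoint is rejected without the users-manage permission.');
    }

    /**
     * Intended to verify that none of the users endpoints are reachable while
     * the instance runs in demo mode. Not implemented yet.
     */
    public function test_no_endpoints_accessible_in_demo_mode()
    {
        // Original author notes, kept for whoever implements this:
        //   - $this->preventAccessInDemoMode();
        //   - Can't use directly in constructor as blocks access to docs
        //   - Maybe via route middleware
        $this->markTestIncomplete('TODO: assert the users API endpoints are blocked in demo mode.');
    }

    /**
     * The index endpoint, limited to one result sorted by ascending id, returns
     * the lowest-id user with its listing fields.
     *
     * NOTE(review): the method name says "shelf" but the test covers users; it
     * looks carried over from another API test. Name left unchanged.
     */
    public function test_index_endpoint_returns_expected_shelf()
    {
        $this->actingAsApiAdmin();
        /** @var User $firstUser */
        $firstUser = User::query()->orderBy('id', 'asc')->first();
        $this->assertNotNull($firstUser, 'Expected at least one user to exist');

        $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
        $resp->assertJson(['data' => [
            [
                'id'          => $firstUser->id,
                'name'        => $firstUser->name,
                'slug'        => $firstUser->slug,
                'email'       => $firstUser->email,
                'profile_url' => $firstUser->getProfileUrl(),
                'edit_url'    => $firstUser->getEditUrl(),
                'avatar_url'  => $firstUser->getAvatar(),
            ],
        ]]);
    }

    /**
     * The read endpoint returns the user's identifying fields, including
     * external_auth_id, together with the first of its roles.
     */
    public function test_read_endpoint()
    {
        $this->actingAsApiAdmin();
        /** @var User $user */
        $user = User::query()->first();
        $this->assertNotNull($user, 'Expected at least one user to exist');
        /** @var Role $userRole */
        $userRole = $user->roles()->first();
        $this->assertNotNull($userRole, 'Expected the selected user to have at least one role');

        $resp = $this->getJson($this->baseEndpoint . "/{$user->id}");

        $resp->assertStatus(200);
        $resp->assertJson([
            'id'               => $user->id,
            'slug'             => $user->slug,
            'email'            => $user->email,
            'external_auth_id' => $user->external_auth_id,
            'roles'            => [
                [
                    'id'           => $userRole->id,
                    'display_name' => $userRole->display_name,
                ],
            ],
        ]);
    }

    /**
     * Deleting an ordinary user (not the acting admin, not a system user)
     * responds 204, records a user_delete activity and removes the account.
     */
    public function test_delete_endpoint()
    {
        $this->actingAsApiAdmin();
        /** @var User $user */
        $user = User::query()->where('id', '!=', $this->getAdmin()->id)
            ->whereNull('system_name')
            ->first();
        $this->assertNotNull($user, 'Expected a non-admin, non-system user to delete');

        $resp = $this->deleteJson($this->baseEndpoint . "/{$user->id}");

        $resp->assertStatus(204);
        $this->assertActivityExists('user_delete', null, $user->logDescriptor());
        // A 204 plus an audit entry does not by itself show the account is gone;
        // check that the user can no longer be looked up.
        $this->assertNull(User::query()->find($user->id), 'Deleted user should no longer be retrievable');
    }

    /**
     * Deleting the last remaining admin is refused with an error response, and
     * the admin account is left in place.
     */
    public function test_delete_endpoint_fails_deleting_only_admin()
    {
        $this->actingAsApiAdmin();
        $adminRole = Role::getSystemRole('admin');
        $adminToDelete = $adminRole->users()->first();
        $this->assertNotNull($adminToDelete, 'Expected at least one admin user to exist');
        // Remove every other admin so that $adminToDelete is the only one left.
        $adminRole->users()->where('id', '!=', $adminToDelete->id)->delete();

        $resp = $this->deleteJson($this->baseEndpoint . "/{$adminToDelete->id}");

        // NOTE(review): the endpoint reports this refused request as a 500; the test
        // pins the behaviour as it stands.
        $resp->assertStatus(500);
        $resp->assertJson($this->errorResponse('You cannot delete the only admin', 500));
        // The error response alone does not prove the guard ran before the delete.
        $this->assertNotNull(User::query()->find($adminToDelete->id), 'The only admin should still exist after the refused delete');
    }

    /**
     * Deleting the built-in public (guest) user is refused with an error
     * response, and the account is left in place.
     */
    public function test_delete_endpoint_fails_deleting_public_user()
    {
        $this->actingAsApiAdmin();
        /** @var User $publicUser */
        $publicUser = User::query()->where('system_name', '=', 'public')->first();
        $this->assertNotNull($publicUser, 'Expected the public system user to exist');

        $resp = $this->deleteJson($this->baseEndpoint . "/{$publicUser->id}");

        $resp->assertStatus(500);
        $resp->assertJson($this->errorResponse('You cannot delete the guest user', 500));
        // Confirm the refusal actually preserved the guest account.
        $this->assertNotNull(User::query()->find($publicUser->id), 'The guest user should still exist after the refused delete');
    }
}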